Abstract — In this paper, we review some recent results about 
the use of dynamic observers for fault diagnosis of discrete event 
systems. Fault diagnosis consists in synthesizing a diagnoser 
that observes a given plant and identifies faults in the plant as 
soon as possible after their occurrence. Existing literature on 
this problem has considered the case of fixed static observers, 
where the set of observable events is fixed and does not change 
during execution of the system. In this paper, we consider 
dynamic observers: an observer can "switch" sensors on or 
off, thus dynamically changing the set of events it wishes to 
observe. It is known that checking diagnosability (i.e., whether 
a given observer is capable of identifying faults) can be solved 
in polynomial time for static observers, and we show that the 
same is true for dynamic ones. We also solve the problem of 
dynamic observers' synthesis and prove that a most permissive 
observer can be computed in doubly exponential time, using a 
game-theoretic approach. We further investigate optimization 
problems for dynamic observers and define a notion of cost of 
an observer. 

I. Introduction 
A. Monitoring, Testing, Fault Diagnosis and Control 

Many problems concerning the monitoring, testing, fault 
diagnosis and control of discrete event systems (DES) can 
be formalized using finite automata over a set of observable 
events $\Sigma$, plus a set of unobservable events [3], [4]. The 
invisible actions can often be represented by a single unob- 
servable event $\varepsilon$. Given a finite automaton over $\Sigma \cup \{\varepsilon\}$ which 
is a model of a plant (to be monitored, tested, diagnosed or 
controlled) and an objective (good behaviours, what to test 
for, faulty behaviours, control objective), we want to check whether 
a monitor/tester/diagnoser/controller exists that achieves the 
objective, and if possible to synthesize one automatically. 

The usual assumption in this setting is that the set of 
observable events is fixed (and this in turn determines the set 
of unobservable events as well). Observing an event usually 
requires some detection mechanism, i.e., a sensor of some 
sort. Which sensors to use, how many of them, and where to 
place them are some of the design questions that are often 
difficult to answer, especially without knowing what these 
sensors are to be used for. 

* Preliminary versions of parts of this paper appeared in [1] and [2]. 
† Work supported by the French government under grant ANR-06-SETI. 

In this paper we review some recent results about sensor 
minimization. These results are interesting since observing an 
event can be costly in terms of time or energy: computation 
time must be spent to read and process the information 
provided by the sensor, and power is required to operate 
the sensor (as well as perform the computations). It is 
then essential that the sensors used really provide useful 
information. It is also important for the computer to discard 
any information given by a sensor that is not really needed. 

In the case of a fixed set of observable events, it is not the 
case that all sensors always provide useful information, and 
sometimes energy (used for sensor operation and computer 
treatment) is spent for nothing. For example, to detect a fault 
$f$ in the system described by the automaton $B$ of Figure 1, 
an observer needs to watch only for event $a$ initially, 
and watch for event $b$ only after $a$ has occurred. If the 
sequence $a.b$ occurs, for sure $f$ has occurred and the observer 
can raise an alarm. If, on the other hand, event $b$ is not 
observed after $a$, then $f$ has not occurred. It is then not 
useful to switch on sensor $b$ before observing event $a$. 

B. Sensor Minimization and Fault Diagnosis 

We focus our attention on sensor minimization, without 
looking at problems related to sensor placement, choosing 
between different types of sensors, and so on. We also focus 
on a particular observation problem, that of fault diagnosis. 
We believe, however, that the results we obtain are applicable 
to other contexts as well. 

Fault diagnosis consists of observing a plant and detecting 
whether a fault has occurred or not. We follow the discrete- 
event system (DES) setting of [5] where the behavior of the 
plant is known and a model of it is available as a finite-state 
automaton over $\Sigma \cup \{\varepsilon, f\}$ where $\Sigma$ is the set of potentially 
observable events, $\varepsilon$ represents the unobservable events, and 
$f$ is a special unobservable event that corresponds to the 
faults¹. Checking diagnosability (whether a fault can be 
detected) for a given plant and a fixed set of observable events 
can be done in polynomial time [5], [6], [7]. In the general 
case, synthesizing a diagnoser involves determinization and 
thus cannot be done in polynomial time. 

In this paper, we focus on dynamic observers. For results 
about sensor optimization with static observers, we refer the 
reader to [2]. 

In the dynamic observers' framework, we assume that an 
observer can decide after each new observation the set of 
events it is going to watch. We first prove that checking 
diagnosability with dynamic observers that are given by 
finite automata can be done in polynomial time. As a 
second aspect, we focus on the dynamic observer synthesis 
problem. We show that computing a dynamic observer for a 
given plant, can be reduced to a game problem. We further 
investigate optimization problems for dynamic observers and 
define a notion of cost of an observer. Finally we show how 
to compute an optimal (cost-wise) dynamic observer. 

C. Related Work 

To our knowledge, the problems of synthesizing dynamic 
observers for diagnosability, studied in Section III, have not 
been addressed previously in the literature. Consequently, the 
associated optimization problems, addressed in Section IV, of 
computing an optimal observer are also original and new. 

D. Organisation of the paper. 

In Section II we fix notation and introduce finite automata 
with faults to model DES. 

In Section III we introduce and study dynamic observers 
and show that the most permissive dynamic observer can be 
computed as the strategy in a safety 2-player game. 

We also define a notion of cost for dynamic observers in 
Section IV and show that the cost of a given observer can 
be computed using Karp's algorithm. Finally, we define the 
optimal-cost observer synthesis problem and show it can be 
solved using Zwick and Paterson's result on graph games. 

This paper contains no proofs and the interested reader 
may refer to [1], [2], [8] for the details. 

II. Preliminaries 

A. Words and Languages 

Let $\Sigma$ be a finite alphabet and $\Sigma^\varepsilon = \Sigma \cup \{\varepsilon\}$. $\Sigma^*$ is the 
set of finite words over $\Sigma$ and contains $\varepsilon$ which is also the 
empty word, and $\Sigma^+ = \Sigma^* \setminus \{\varepsilon\}$. A language $L$ is any 
subset of $\Sigma^*$. Given two words $\rho, \rho'$ we denote by $\rho.\rho'$ the 
concatenation of $\rho$ and $\rho'$ which is defined in the usual way. 
$|\rho|$ stands for the length of the word $\rho$ (the length of the 
empty word is zero) and $|\rho|_\lambda$ with $\lambda \in \Sigma$ stands for the 
number of occurrences of $\lambda$ in $\rho$. We also use the notation 
$|S|$ to denote the cardinality of a set $S$. Given $\Sigma_1 \subseteq \Sigma$, we 
define the projection operator on words, $\pi_{/\Sigma_1} : \Sigma^* \to \Sigma_1^*$, 
recursively as follows: $\pi_{/\Sigma_1}(\varepsilon) = \varepsilon$ and for $a \in \Sigma$, $\rho \in \Sigma^*$, 
$\pi_{/\Sigma_1}(a.\rho) = a.\pi_{/\Sigma_1}(\rho)$ if $a \in \Sigma_1$ and $\pi_{/\Sigma_1}(\rho)$ otherwise. 

¹ Different types of faults could also be considered, by having different 
fault events $f_1$, $f_2$, and so on. Our methods can be extended in a 
straightforward way to deal with multiple faults. We restrict our presentation to a 
single fault event for the sake of simplicity. 

B. Finite Automata 

Definition 1 (Finite Automaton) An automaton $A$ is a tu- 
ple $(Q, q_0, \Sigma^\varepsilon, \delta)$ with $Q$ a set of states², $q_0 \in Q$ the initial 
state, and $\delta \subseteq Q \times \Sigma^\varepsilon \times 2^Q$ the transition relation (we write 
$\delta(q, \lambda) \subseteq Q$ for the set of $\lambda$-successors of $q$). We write 
$q \xrightarrow{\lambda} q'$ if $q' \in \delta(q, \lambda)$. For $q \in Q$, $en(q)$ is the set of actions 
enabled at $q$. 

If $Q$ is finite, $A$ is a finite automaton. An automaton is 
deterministic if for any $q \in Q$, $|\delta(q, \varepsilon)| = 0$ and for 
any $\lambda \neq \varepsilon$, $|\delta(q, \lambda)| \le 1$. A labeled automaton $A$ is a 
tuple $(Q, q_0, \Sigma, \delta, L)$ where $(Q, q_0, \Sigma, \delta)$ is an automaton and 
$L : Q \to P$ where $P$ is a finite set of observations. ■ 

A run $\rho$ from state $s$ in $A$ is a finite or infinite sequence 
of transitions 

$$ s_0 \xrightarrow{\lambda_1} s_1 \xrightarrow{\lambda_2} s_2 \cdots s_{n-1} \xrightarrow{\lambda_n} s_n \cdots $$

s.t. $\lambda_i \in \Sigma^\varepsilon$ and $s_0 = s$. If $\rho$ is finite and ends in $s_n$ 
we let $tgt(\rho) = s_n$. The set of finite runs from $s$ in $A$ is 
denoted $Runs(s, A)$ and we define $Runs(A) = Runs(q_0, A)$. 
The trace of the run $\rho$, denoted $tr(\rho)$, is the word obtained 
by concatenating the symbols $\lambda_i$ appearing in $\rho$, for those $\lambda_i$ 
different from $\varepsilon$. A word $w$ is accepted by $A$ if $w = tr(\rho)$ 
for some $\rho \in Runs(A)$. The language $\mathcal{L}(A)$ of $A$ is the set 
of words accepted by $A$. 

Let $f \notin \Sigma^\varepsilon$ be a fresh letter that corresponds to the fault 
action, $\Sigma^{\varepsilon,f} = \Sigma^\varepsilon \cup \{f\}$ and $A = (Q, q_0, \Sigma^{\varepsilon,f}, \delta)$. Given 
$R \subseteq Runs(A)$, $Tr(R) = \{tr(\rho) \mid \rho \in R\}$ is the set of traces 
of the runs in $R$. A run $\rho$ is $k$-faulty if there is some $1 \le i \le 
n$ s.t. $\lambda_i = f$ and $n - i \ge k$. Notice that $\rho$ can be either finite 
or infinite: if it is infinite, $n = \infty$ and $n - i \ge k$ always holds. 
$Faulty_{\ge k}(A)$ is the set of $k$-faulty runs of $A$. A run is faulty if 
it is $k$-faulty for some $k \in \mathbb{N}$ and $Faulty(A)$ denotes the set of 
faulty runs. It follows that $Faulty_{\ge k+1}(A) \subseteq Faulty_{\ge k}(A) \subseteq 
\cdots \subseteq Faulty_{\ge 0}(A) = Faulty(A)$. Finally, $NonFaulty(A) = 
Runs(A) \setminus Faulty(A)$ is the set of non-faulty runs of $A$. We 
let $Faulty^{tr}_{\ge k}(A) = Tr(Faulty_{\ge k}(A))$ and $NonFaulty^{tr}(A) = 
Tr(NonFaulty(A))$ be the sets of traces of faulty and non- 
faulty runs. 

We assume that each faulty run of $A$ of length $n$ can be 
extended into a run of length $n + 1$. This is required for 
technical reasons (in order to guarantee that the set of faulty 
runs where sufficient time has elapsed after the fault is well- 
defined) and can be achieved by adding $\varepsilon$ loop-transitions to 
each deadlock state of $A$. Notice that this transformation does 
not change the observations produced by the plant, thus, any 
observer synthesized for the transformed plant also applies 
to the original one. 

C. Product of Automata 

The product of automata with $\varepsilon$-transitions is defined in the 
usual way: the automata synchronize on common labels 
except for $\varepsilon$. Let $A_1 = (Q_1, q_0^1, \Sigma_1^\varepsilon, \to_1)$ and $A_2 = (Q_2, q_0^2, \Sigma_2^\varepsilon, 
\to_2)$. The product of $A_1$ and $A_2$ is the automaton $A_1 \times A_2 = 
(Q, q_0, \Sigma, \to)$ where: 

• $Q = Q_1 \times Q_2$, 

• $q_0 = (q_0^1, q_0^2)$, 

• $\Sigma = \Sigma_1 \cup \Sigma_2$, 

• $\to \subseteq Q \times \Sigma^\varepsilon \times Q$ is defined by $(q_1, q_2) \xrightarrow{a} (q_1', q_2')$ if: 

- either $a \in \Sigma_1 \cap \Sigma_2$ and $q_k \xrightarrow{a}_k q_k'$, for $k = 1, 2$, 

- or $a \in (\Sigma_i \setminus \Sigma_{3-i}) \cup \{\varepsilon\}$ and $q_i \xrightarrow{a}_i q_i'$ and $q_{3-i}' = 
q_{3-i}$, for $i = 1$ or $i = 2$. 

² In this paper we often use finite automata that generate prefix-closed 
languages, hence we do not need to use a set of final or accepting states. 

III. Fault Diagnosis with Dynamic Observers 

In this section we introduce dynamic observers. They can 
choose after each new observation the set of events they are 
going to watch for. To illustrate why dynamic observers can 
be useful consider the following example. 

Example 1 (Dynamic Observation) Assume we want to 
detect faults in automaton $B$ of Figure 1. A static diagnoser 
that observes $\Sigma = \{a, b\}$ can detect faults. However, no 
proper subset of $\Sigma$ can be used to detect faults in $B$. Thus 
the minimum cardinality of the set of observable events for 
diagnosing $B$ is 2, i.e., a static observer will have to monitor 
two events during the execution of the DES. This means that 
an observer will have to be receptive to at least two inputs 
at each point in time to detect a fault in $B$. One can think of 
being receptive as switching on a device to sense an event. 
This consumes energy. We can be more efficient using a 
dynamic observer that only turns on sensors when needed, 
thus saving energy. In the case of $B$, this can be done as 
follows: in the beginning we only switch on the $a$-sensor; 
once an $a$ occurs the $a$-sensor is switched off and the $b$- 
sensor is switched on. Compared to the previous diagnosers 
we use half as much energy. 




Fig. 1. The automaton B 



A. Dynamic Observers 

We formalize the above notion of dynamic observation 
using observers. The choice of the events to observe can 
depend on the choices the observer has made before and 
on the observations it has made. Moreover an observer may 
have unbounded memory. 

Definition 2 (Observer) An observer $Obs$ over $\Sigma$ is a de- 
terministic labeled automaton $Obs = (S, s_0, \Sigma, \delta, L)$, where 
$S$ is a (possibly infinite) set of states, $s_0 \in S$ is the initial 
state, $\Sigma$ is the set of observable events, $\delta : S \times \Sigma \to S$ is 
the transition function (a total function), and $L : S \to 2^\Sigma$ 
is a labeling function that specifies the set of events that the 
observer wishes to observe when it is at state $s$. We require 
for any state $s$ and any $a \in \Sigma$, if $a \notin L(s)$ then $\delta(s, a) = s$: 
this means the observer does not change its state when an 
event it has chosen not to observe occurs. ■ 

As an observer is deterministic we use the notation $\delta(s_0, w)$ 
to denote the state $s$ reached after reading the word $w$, and 
$L(\delta(s_0, w))$ is the set of events $Obs$ observes after $w$. 

An observer implicitly defines a transducer that consumes 
an input event $a \in \Sigma$ and, depending on the current state 
$s$, either outputs $a$ (when $a \in L(s)$) and moves to a new 
state $\delta(s, a)$, or outputs $\varepsilon$ (when $a \notin L(s)$) and remains in 
the same state waiting for a new event. Thus, an observer 
defines a mapping $Obs$ from $\Sigma^*$ to $\Sigma^*$ (we use the same 
name "$Obs$" for the automaton and the mapping). Given a 
run $\rho$, $Obs(\pi_{/\Sigma}(tr(\rho)))$ is the output of the transducer on $\rho$. 
It is called the observation of $\rho$ by $Obs$. We next provide 
an example of a particular case of observer which can be 
represented by a finite-state machine. 



Fig. 2. A finite-state observer $Obs$ with states 0, 1, 2 and $L(0) = \{a\}$, $L(1) = \{b\}$, $L(2) = \emptyset$ 

Example 2 Let $Obs$ be the observer of Figure 2. $Obs$ 
maps the following inputs as follows: $Obs(baab) = ab$, 
$Obs(bababbaab) = ab$, $Obs(bbbbba) = a$ and $Obs(bbaaa) = 
a$. If $Obs$ operates on the DES $B$ of Figure 1 and $B$ 
generates $f.a.b$, $Obs$ will have as input $\pi_{/\Sigma}(f.a.b) = a.b$ 
with $\Sigma = \{a, b\}$. Consequently the observation of $Obs$ is 
$Obs(\pi_{/\Sigma}(f.a.b)) = a.b$. 

B. Fault Diagnosis with Dynamic Diagnosers 

Definition 3 ($(Obs, k)$-diagnoser) Let $A$ be a finite automa- 
ton over $\Sigma^{\varepsilon,f}$ and $Obs$ be an observer over $\Sigma$. $D : \Sigma^* \to 
\{0, 1\}$ is an $(Obs, k)$-diagnoser for $A$ if 

• $\forall \rho \in NonFaulty(A)$, $D(Obs(\pi_{/\Sigma}(tr(\rho)))) = 0$ and 
• $\forall \rho \in Faulty_{\ge k}(A)$, $D(Obs(\pi_{/\Sigma}(tr(\rho)))) = 1$. ■ 

$A$ is $(Obs, k)$-diagnosable if there is an $(Obs, k)$-diagnoser 
for $A$. $A$ is $Obs$-diagnosable if there is some $k$ such that $A$ 
is $(Obs, k)$-diagnosable. 

If a diagnoser always selects $\Sigma$ as the set of observable 
events, it is a static observer and $(Obs, k)$-diagnosability 
amounts to the standard $(\Sigma, k)$-diagnosis problem [5]. 

As for $\Sigma$-diagnosability, we have the following equiva- 
lence for dynamic observers: $A$ is $(Obs, k)$-diagnosable iff 

$$ Obs(\pi_{/\Sigma}(Faulty^{tr}_{\ge k}(A))) \cap Obs(\pi_{/\Sigma}(NonFaulty^{tr}(A))) = \emptyset. $$

Problem 1 (Finite-State Obs-Diagnosability) 

INPUT: A, Obs a finite-state observer. 
Problem: 

(A) Is A Obs-diagnosable? 

(B) If the answer to (A) is "yes", compute the minimum k 
such that A is (Obs, k)-diagnosable. 
Theorem 1 Problem 1 is in P. 

To prove Theorem 1 we build a product automaton³ $A \otimes Obs$ 
such that: $A$ is $(Obs, k)$-diagnosable iff $A \otimes Obs$ is $(\Sigma, k)$- 
diagnosable. Given two finite automata $A = (Q, q_0, \Sigma^{\varepsilon,f}, \to)$ 
and $Obs = (S, s_0, \Sigma, \delta, L)$, the automaton $A \otimes Obs = (Q \times 
S, (q_0, s_0), \Sigma^{\varepsilon,f}, \to)$ is defined as follows: 

• $(q, s) \xrightarrow{\beta} (q', s')$ iff $\exists \lambda \in \Sigma$ s.t. $q \xrightarrow{\lambda} q'$, $s' = \delta(s, \lambda)$ 
and $\beta = \lambda$ if $\lambda \in L(s)$, $\beta = \varepsilon$ otherwise; 

• $(q, s) \xrightarrow{\lambda} (q', s)$ iff $\exists \lambda \in \{\varepsilon,  f\}$ s.t. $q \xrightarrow{\lambda} q'$. 

The number of states of $A \otimes Obs$ is at most $|Q| \times |S|$ and each 
state $(q, s)$ has at most as many outgoing transitions as $q$ has 
in $A$. Hence the size of the product is polynomial in the size 
of the input $|A| + |Obs|$. Checking that $A \otimes Obs$ is diagnosable 
can be done in polynomial time and Problem 1.(A) is in P. 

Example 3 Let $B$ be the DES given in Figure 1 and $Obs$ 
the observer of Figure 2. The product $A \otimes Obs$ used in the 
above proof is given in Figure 3. 

Fig. 3. The product $A \otimes Obs$ 
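The observer of Example 2 as a transducer and the polynomial check behind Theorem 1, in Python, as an added example that is not part of the paper. The plant is constructed here from the description of Example 1 (Figure 1 itself is not reproduced on this page): a faulty branch $f.a.b$ and a non-faulty branch $b.a$, with $\varepsilon$ self-loops on deadlock states as Section II.B requires; the observer is the one of Figure 2, and the static observer over $\{a, b\}$ is included for comparison. The check explores the twin product of Section III.C with Player 1's choice fixed to $L(s)$; its post-fault counter advances only on steps of the faulty copy, following the definition of a $k$-faulty run. State names and the event encoding are this example's own choices.

```python
"""Added example (not from the paper): the observer of Figure 2 as a transducer
(Example 2) and the (Obs, k)-diagnosability check behind Theorem 1, run on a
plant constructed from the description of Example 1."""
from collections import deque

EPS, FAULT = "eps", "f"   # the unobservable events epsilon and f

# Plant B, constructed from the text of Example 1 (Figure 1 is not on this page):
# faulty branch f.a.b, non-faulty branch b.a; deadlock states carry an eps
# self-loop as Section II.B requires. State names are this example's choice.
PLANT = {
    "q0": [(FAULT, "q1"), ("b", "q4")],
    "q1": [("a", "q2")],
    "q2": [("b", "q3")],
    "q3": [(EPS, "q3")],
    "q4": [("a", "q5")],
    "q5": [(EPS, "q5")],
}
SIGMA = {"a", "b"}

# An observer is (s0, delta on observed events, labelling L). OBS_DYN is the
# finite-state observer of Figure 2; OBS_STATIC always watches Sigma = {a, b}.
OBS_DYN = (0, {(0, "a"): 1, (1, "b"): 2}, {0: {"a"}, 1: {"b"}, 2: set()})
OBS_STATIC = (0, {(0, "a"): 0, (0, "b"): 0}, {0: {"a", "b"}})


def step(obs, s, a):
    """delta(s, a); an event outside L(s) leaves the observer in state s."""
    _, delta, L = obs
    return delta[(s, a)] if a in L[s] else s


def observe(obs, word):
    """The transducer Obs : Sigma* -> Sigma* of Definition 2."""
    s, out = obs[0], []
    for a in word:
        if a in obs[2][s]:
            out.append(a)
            s = step(obs, s, a)
    return "".join(out)


def project(trace, sigma=SIGMA):
    """pi_{/Sigma}: erase eps and f from a trace given as a list of events."""
    return "".join(a for a in trace if a in sigma)


def diagnosable(plant, obs, k, q0="q0"):
    """(Obs, k)-diagnosability via the twin product of Section III.C with
    Player 1's choice fixed to L(s): a faulty copy (state q1, post-fault step
    counter j in {-1..k}) and a fault-free copy (q2) move alone on events the
    observer ignores and synchronise on events in L(s). Reaching j == k means a
    k-faulty run and a non-faulty run share an observation: not diagnosable."""
    s0, _, L = obs
    start = (q0, -1, q0, s0)
    seen, todo = {start}, deque([start])

    def bump(j):  # one more step of the faulty copy after the fault
        return j if j < 0 else min(j + 1, k)

    while todo:
        q1, j, q2, s = todo.popleft()
        if j == k:
            return False
        succ = []
        for a, q1n in plant[q1]:          # faulty copy moves alone
            if a not in L[s]:
                succ.append((q1n, 0 if (a == FAULT and j < 0) else bump(j), q2, s))
        for a, q2n in plant[q2]:          # fault-free copy moves alone (no f)
            if a != FAULT and a not in L[s]:
                succ.append((q1, j, q2n, s))
        for a, q1n in plant[q1]:          # joint move on an observed event
            if a in L[s]:
                succ += [(q1n, bump(j), q2n, step(obs, s, a))
                         for b, q2n in plant[q2] if b == a]
        for t in succ:
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return True


def min_k(plant, obs, q0="q0"):
    """Problem 1(B): least k with (Obs, k)-diagnosability, or None when the
    plant is not Obs-diagnosable. If the faulty copy can make more post-fault
    steps than there are counter-free twin states, a twin state repeats between
    two of its steps and can be pumped, so no k works: the search is polynomial."""
    bound = len(plant) ** 2 * len(obs[2])
    for k in range(bound + 2):
        if diagnosable(plant, obs, k, q0):
            return k
    return None


if __name__ == "__main__":
    print(observe(OBS_DYN, "baab"), min_k(PLANT, OBS_DYN), min_k(PLANT, OBS_STATIC))
```

On this plant the observer of Figure 2 yields a minimum $k$ of 2 while the static observer over $\{a, b\}$ yields 1: after $f.a$ the dynamic observer has only seen $a$, which the non-faulty run $b.a$ also produces, so it must wait for $b$. The sensing it saves is paid for with one extra step of detection delay, a trade-off the cost of Section IV makes explicit.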

For Problem 1, we have assumed that an observer was 
given. It would be even better if we could synthesize an 
observer $Obs$ such that the plant is $Obs$-diagnosable. Before 
attempting to synthesize such an observer, we should first 
check that the plant is $\Sigma$-diagnosable: if it is not, then obvi- 
ously no such observer exists; if the plant is $\Sigma$-diagnosable, 
then the trivial observer that observes all events in $\Sigma$ at all 
times works⁴. As a first step towards synthesizing non-trivial 
observers, we can attempt to compute the set of all valid 
observers, which includes the trivial one but also non-trivial 
ones (if they exist). 

Problem 2 (Dynamic-Diagnosability) 

Input: $A$. 

PROBLEM: Compute the set $\mathbb{O}$ of all observers such that $A$ 
is $Obs$-diagnosable iff $Obs \in \mathbb{O}$. 

We do not have a solution to the above general problem. 
Instead, we introduce a restricted variant: 

Problem 3 (Dynamic-$k$-Diagnosability) 

Input: $A$, $k \in \mathbb{N}$. 

PROBLEM: Compute the set $\mathbb{O}$ of all observers such that $A$ 
is $(Obs, k)$-diagnosable iff $Obs \in \mathbb{O}$. 

³ We use $\otimes$ to clearly distinguish this product from the usual synchronous 
product $\times$. 

⁴ Notice that this also shows that existence of an observer implies 
existence of a finite-state observer, since the trivial observer is finite-state. 



C. Problem 3 as a Game Problem 

To solve Problem 3 we reduce it to a safety 2-player game. 
In short, the reduction we propose is the following: 

• Player 1 chooses the set of events it wishes to observe, 
then it hands over to Player 2; 

• Player 2 chooses an event and tries to produce a run 
which is the observation of both a $k$-faulty run and a non- 
faulty run. 

Player 2 wins if he can produce such a run. Other- 
wise Player 1 wins. Player 2 has complete information of 
Player 1's moves (i.e., it can observe the sets that Player 1 
chooses to observe). Player 1, on the other hand, only has 
partial information of Player 2's moves because not all events 
are observable (details follow). Let $A = (Q, q_0, \Sigma^{\varepsilon,f}, \to)$ be 
a finite automaton. To define the game, we use two copies 
of automaton $A$: $A_1$ and $A_2$. The accepting states of $A_1$ 
are those corresponding to runs of $A$ which are faulty and 
where more than $k$ steps occurred after the fault. $A_2$ is a 
copy of $A$ where the $f$-transitions have been removed. The 
game we are going to play is the following (see Figure 4, 
Player 1 states are depicted with square boxes and Player 2 
states with round shapes): 

1) the game starts in a state $(q_1, q_2)$ corresponding to the 
initial state of the product of $A_1$ and $A_2$. Initially, it is 
Player 1's turn to play. Player 1 chooses a set of events 
he is going to observe, i.e., a subset $X$ of $\Sigma$, and hands 
it over to Player 2; 

2) assume the automata $A_1$ and $A_2$ are in states $(q_1, q_2)$. 
Player 2 can change the state of $A_1$ and $A_2$ by: 

a) firing an action (like $\lambda_1, \lambda_2, \lambda_3, \lambda_4$ in Figure 4) which 
is not in $X$ in either $A_1$ or $A_2$ (no synchronization). 
In this case a new state $(q, q')$ is reached and Player 2 
can play again from this state; 

b) firing an action $\lambda$ in $X$ (like $a_1, a_2$ in Figure 4): to do 
this both $A_1$ and $A_2$ must be in a state where $\lambda$ is 
possible (synchronization); after the action is fired a 
new state $(q_1', q_2')$ is reached: now it is Player 1's turn 
to play, and the game continues as in step 1 above 
from the new state $(q_1', q_2')$. 

Player 2 wins if he can reach a state $(q_1, q_2)$ in $A_1 \times A_2$ where 
$q_1$ is an accepting state of $A_1$ (this means that Player 1 wins 
if it can avoid ad infinitum this set of states). In this sense 
this is a safety game for Player 1 (and a reachability game for 
Player 2). Formally, the game $G_A = (S_1 \uplus S_2, s_0, \Sigma_1 \uplus \Sigma_2, \delta)$ 
is defined as follows ($\uplus$ denotes union of disjoint sets): 

• $S_1 = (Q \times \{-1, \cdots, k\}) \times Q$ is the set of Player 1 
states; a state $((q_1, j), q_2) \in S_1$ indicates that $A_1$ is in 
state $q_1$, $j$ steps have occurred after a fault, and $q_2$ is 
the current state of $A_2$. If no fault has occurred, $j = -1$ 
and if more than $k$ steps occurred after the fault, we use 
$j = k$. 

• $S_2 = (Q \times \{-1, \cdots, k\}) \times Q \times 2^\Sigma$ is the set of 
Player 2 states. For a state $((q_1, j), q_2, X) \in S_2$, the 
triple $((q_1, j), q_2)$ has the same meaning as for $S_1$, and 
$X$ is the set of moves Player 1 has chosen to observe 
on its last move. 
Fig. 4. Game reduction for Problem 3 



• $s_0 = ((q_0, -1), q_0)$ is the initial state of the game, 
belonging to Player 1; 

• $\Sigma_1 = 2^\Sigma$ is the set of moves of Player 1; $\Sigma_2 = \Sigma^\varepsilon$ is 
the set of moves of Player 2 (as we encode the fault 
into the state, we do not need to distinguish $f$ from $\varepsilon$); 

• the transition relation $\delta \subseteq (S_1 \times \Sigma_1 \times S_2) \cup (S_2 \times \{\varepsilon\} \times 
S_2) \cup (S_2 \times \Sigma \times S_1)$ is defined by: 

- Player 1 moves: let $\sigma \in \Sigma_1$ and $s_1 \in S_1$. Then 
$(s_1, \sigma, (s_1, \sigma)) \in \delta$. 

- Player 2 moves: a move of Player 2 is either 
a silent move ($\varepsilon$), i.e., a move of $A_1$ or $A_2$, or 
a joint move of $A_1$ and $A_2$ with an observ- 
able action in $X$. Consequently, a silent move 
$(((q_1, i), q_2, X), \varepsilon, ((q_1', j), q_2', X))$ is in $\delta$ if one of 
the following conditions holds: 

1) either $q_2' = q_2$, $q_1 \xrightarrow{\ell} q_1'$ is a step of $A_1$, $\ell \notin X$, 
and if $i \ge 0$ then $j = \min(i + 1, k)$; if $i = -1$ 
and $\ell = f$ then $j = 0$; otherwise $j = i$. 

2) or $q_1' = q_1$, $q_2 \xrightarrow{\ell} q_2'$ is a step of $A_2$, $\ell \notin X$ 
(and $\ell \neq f$), and if $i \ge 0$ then $j = \min(i + 1, k)$, 
otherwise $j = i$. 

A visible move can be taken by Player 2 if both 
$A_1$ and $A_2$ agree on doing such a move. In 
this case the game proceeds to a Player 1 state: 
$(((q_1, i), q_2, X), \ell, ((q_1', j), q_2')) \in \delta$ if $\ell \in X$, $q_1 \xrightarrow{\ell} 
q_1'$ is a step of $A_1$, $q_2 \xrightarrow{\ell} q_2'$ is a step of $A_2$, and 
if $i \ge 0$ then $j = \min(i + 1, k)$, otherwise $j = i$. 
We can show that for any observer $O$ s.t. $A$ is $(O, k)$- 
diagnosable, there is a strategy $f(O)$ for Player 1 in $G_A$ 
s.t. $f(O)$ is trace-based and winning. A strategy for Player 1 
is a mapping $f : Runs(G_A) \to \Sigma_1$ that associates a move 
$f(\rho)$ in $\Sigma_1$ to each run $\rho$ in $G_A$ that ends in an $S_1$- 
state. A strategy $f$ is trace-based if given two runs $\rho, \rho'$, 
if $tr(\rho) = tr(\rho')$ then $f(\rho) = f(\rho')$. Conversely, for any 
trace-based winning strategy $f$ (for Player 1), we can build 
an observer $O(f)$ s.t. $A$ is $(O(f), k)$-diagnosable. 

Let $O = (S, s_0, \Sigma, \delta, L)$ be an observer for $A$. We define 
the strategy $f(O)$ on finite runs of $G_A$ ending in a Player 1 
state by: $f(O)(\rho) = L(\delta(s_0, \pi_{/\Sigma}(tr(\rho))))$. The intuition is 
that we take the run $\rho$ in $G_A$, take the trace of $\rho$ (choices of 
Player 1 and moves of Player 2) and remove the choices of 
Player 1. This gives a word in $\Sigma^*$. The strategy for Player 1 
for $\rho$ is the set of events the observer $O$ chooses to observe 
after reading $\pi_{/\Sigma}(tr(\rho))$, i.e., $L(\delta(s_0, \pi_{/\Sigma}(tr(\rho))))$. 
Conversely, with each trace-based strategy $f$ of the game 
$G_A$ we can associate an automaton $O(f) = (S, s_0, \Sigma, \delta, L)$ 
defined by: 

• $S = \{\pi_{/\Sigma}(tr(\rho)) \mid \rho \in Out(G_A, f) \text{ and } tgt(\rho) \in S_1\}$; 

• $s_0 = \varepsilon$; 

• $\delta(v, \ell) = v'$ if $v \in S$, $v' = v.\ell$ and there is a run 
$\rho \in Out(G_A, f)$ with 

$$ \rho = q_0 \xrightarrow{X_1} q_1' \xrightarrow{\varepsilon^*} q_1'' \xrightarrow{\lambda_1} q_1 \xrightarrow{X_2} q_2' \cdots q_{k-1} \xrightarrow{X_k} q_k' \xrightarrow{\varepsilon^*} q_k'' $$

with each $q_i \in S_1$, $q_i', q_i'' \in S_2$, $v = \pi_{/\Sigma}(tr(\rho))$, and 
$q_k'' \xrightarrow{\ell} q_{k+1}$ with $q_{k+1} \in S_1$, $\ell \in X_k$; 
$\delta(v, \ell) = v$ if $v \in S$ and $\ell \notin f(\rho)$; 

• $L(v) = f(\rho)$ if $v = \pi_{/\Sigma}(tr(\rho))$. 

Using the previous definitions and constructions we obtain 
the following theorems: 

Theorem 2 Let $O$ be an observer s.t. $A$ is $(O, k)$-diagno- 
sable. Then $f(O)$ is a trace-based winning strategy in $G_A$. 

Theorem 3 Let $f$ be a trace-based winning strategy in $G_A$. 
Then $O(f)$ is an observer and $A$ is $(O(f), k)$-diagnosable. 

The result on a game like $G_A$ is that, if there is a 
winning trace-based strategy for Player 1, then there is a most 
permissive strategy $\mathcal{F}_A$ which has finite memory. It can be 
represented by a finite automaton $S_{\mathcal{F}_A} = (W_1 \uplus W_2, s_0, \Sigma \cup 
2^\Sigma, \Delta_A)$ s.t. $\Delta_A \subseteq (W_1 \times 2^\Sigma \times W_2) \cup (W_2 \times \Sigma \times W_1)$ 
which has size exponential in the size of $G_A$. For a given 
run $w \in (\Sigma \cup 2^\Sigma)^*$ ending in a $W_1$-state, we have $\mathcal{F}_A(w) = 
en(\Delta_A(s_0, w))$. 

D. Most Permissive Observer 

We now define the notion of a most permissive observer 
and show the existence of a most permissive observer for a 
system in case $A$ is diagnosable. $\mathcal{F}_A$ is the mapping defined 
at the end of the previous section. 

For an observer $O = (S, s_0, \Sigma, \delta, L)$ and $w \in \Sigma^*$ 
we let $L(w)$ be the set $L(\delta(s_0, w))$: this is the set of 
events $O$ chooses to observe on input $w$. Given a word 
$\rho \in \pi_{/\Sigma}(\mathcal{L}(A))$, we recall that $O(\rho)$ is the observa- 
tion of $\rho$ by $O$. Assume $O(\rho) = a_0 \cdots a_k$. Let $\bar\rho = 
L(\varepsilon).\varepsilon.L(a_0).a_0 \cdots L(a_0 \cdots a_k).a_k$, i.e., $\bar\rho$ contains the his- 
tory of what $O$ has chosen to observe at each step and the 
events that occurred after each choice. 

Let $\mathcal{O} : (2^\Sigma \times \Sigma^\varepsilon)^+ \to 2^{2^\Sigma}$. By definition $\mathcal{O}$ is the most 
permissive observer for $(A, k)$ if the following holds: 

$$ O = (S, s_0, \Sigma, \delta, L) \text{ is an observer and } A \text{ is } (O, k)\text{-diagnosable} \iff \forall w \in \Sigma^*,\ L(\delta(s_0, w)) \in \mathcal{O}(\bar w). $$



The definition of the most permissive observer states that: 

• any good observer $O$ (one such that $A$ is $(O, k)$- 
diagnosable) must choose a set of observable events in 
$\mathcal{O}(\bar w)$ on input $w$; 

• if an observer chooses its set of observable events in 
$\mathcal{O}(\bar w)$ on input $w$, then it is a good observer. 

Assume $A$ is $(\Sigma, k)$-diagnosable. Then there is an observer 
$O$ s.t. $A$ is $(O, k)$-diagnosable because the constant observer 
that observes $\Sigma$ is a solution. By Theorem 2, there is a trace- 
based winning strategy for Player 1 in $G_A$. 

Theorem 4 $\mathcal{F}_A$ is the most permissive observer. 

This enables us to solve Problem 3 and compute a finite 
representation of the set $\mathbb{O}$ of all observers such that $A$ is 
$(O, k)$-diagnosable iff $O \in \mathbb{O}$. Computing $\mathcal{F}_A$ can be done 
in $O(2^{|G_A|})$. The size of $G_A$ is quadratic in $|A|$, linear in 
the size of $k$, and exponential in the size of $\Sigma$, i.e., $|G_A| = 
O(|A|^2 \times 2^{|\Sigma|} \times |k|)$. This means that computing $\mathcal{F}_A$ can be 
done in exponential time in the size of $A$ and $k$ and doubly 
exponential time in the size of $\Sigma$. 

The computation of a generic diagnoser associated with 
the most permissive observer can be done as well. This 
diagnoser is the most permissive dynamic diagnoser and 
contains all the choices a dynamic diagnoser can make to 
be able to diagnose a plant. 

IV. Optimal Dynamic Observers 

In this section we define a notion of cost for observers. 
This will allow us to compare observers w.r.t. this criterion 
and later on to synthesize an optimal observer. The notion of 
cost we are going to use is inspired by weighted automata. 

A. Weighted Automata & Karp's Algorithm 

The notion of cost for automata has already been defined 
and algorithms to compute some optimal values related to 
this model are described in many papers. We recall here the 
results of [9] which will be used later. 

Definition 4 (Weighted Automaton) A weighted automa- 
ton is a pair $(A, w)$ s.t. $A = (Q, q_0, \Sigma, \delta)$ is a finite 
automaton and $w : Q \to \mathbb{N}$ associates a weight with each 
state. ■ 



Definition 5 (Mean Cost) Let $\rho = q_0 \xrightarrow{a_1} q_1 \xrightarrow{a_2} \cdots \xrightarrow{a_n} q_n$ 
be a run of $A$. The mean cost of $\rho$ is 

$$ \mu(\rho) = \frac{1}{n+1} \cdot \sum_{i=0}^{n} w(q_i). $$

We remind that the length of $\rho = q_0 \xrightarrow{a_1} q_1 \xrightarrow{a_2} \cdots \xrightarrow{a_n} q_n$ 
is $|\rho| = n$. We assume that $A$ is complete w.r.t. $\Sigma$ (and 
$\Sigma \neq \emptyset$) and thus contains at least one run for any arbitrary 
length $n$. Let $Runs^n(A)$ be the set of runs of length $n$ in 
$Runs(A)$. The maximum mean-weight of the runs of length 
$n$ for $A$ is $\nu(A, n) = \max\{\mu(\rho) \mid \rho \in Runs^n(A)\}$. The 
maximum mean weight of $A$ is $\nu(A) = \limsup_{n \to \infty} \nu(A, n)$. 
Actually the value $\nu(A)$ can be computed using Karp's 
maximum mean-weight cycle algorithm [9] on weighted 
graphs. If $c = s_0 \to s_1 \cdots \to s_n$ is a cycle of $A$, 
i.e., $s_0 = s_n$, the mean weight of the cycle $c$ is $\mu(c) = 
\frac{1}{n} \cdot \sum_{i=0}^{n-1} w(s_i)$. The maximum mean-weight cycle of $A$ 
is the value $\nu^*(A) = \max\{\mu(c) \mid c \text{ a cycle of } A\}$. As 
stated in [10], for weighted automata, the mean-weight cycle 
value is the value that determines the mean-weight value: 
$\nu(A) = \limsup_{n \to \infty} \nu(A, n) = \lim_{n \to \infty} \nu(A, n) = \nu^*(A)$. 

B. Cost of a Dynamic Observer 

Let $Obs = (S, s_0, \Sigma, \delta, L)$ be an observer and $A = (Q, 
q_0, \Sigma^{\varepsilon,f}, \to)$. We would like to define a notion of cost for 
observers in order to select an optimal one among all of 
those which are valid, i.e., s.t. $A$ is $(Obs, k)$-diagnosable. 
Intuitively this notion of cost should imply that the more 
events we observe at each time, the more expensive it is. 

There is not one single way of defining a notion of cost and the 
reader is referred to [1] for a discussion on this subject. 

The cost of a word $w$ is given by: 

$$ Cost(w) = \frac{\;\cdots\;}{n+1} $$

with $n = |w|$. 

We now show how to define and compute the cost of an 
observer Obs that observes a DES A. 

Given a run $\rho \in Runs(A)$, the observer only processes 
$\pi_{/\Sigma}(tr(\rho))$ ($\varepsilon$- and $f$-transitions are not processed). To have 
a consistent notion of cost that takes into account the 
logical time elapsed from the beginning, we need to take 
into account one way or another the number of steps of $\rho$ 
(the length of $\rho$) even if some of them are not observable. 
A simple way to do this is to consider that $\varepsilon$ and $f$ are now 
observable events, let's say $u$, but that the observer never 
chooses to observe them. Indeed we assume we have already 
checked that $A$ is $(Obs, k)$-diagnosable, and the problem is 
now to compute the cost of the observer we have used. 

Definition 6 (Cost of a Run) Given a run $\rho = q_0 \xrightarrow{a_1} q_1 \cdots 
q_{n-1} \xrightarrow{a_n} q_n \in Runs(A)$, let $w_i = Obs(\pi_{/\Sigma}(tr(\rho(i))))$, $0 \le i \le n$, 
where $\rho(i)$ is the prefix of $\rho$ of length $i$. The cost of $\rho \in Runs(A)$ 
is defined by: 

$$ Cost(\rho, A, Obs) = \frac{1}{n+1} \cdot \sum_{i=0}^{n} |L(\delta(s_0, w_i))|. $$



We recall that $Runs^n(A)$ is the set of runs of length $n$ in 
$Runs(A)$. The cost of the runs of length $n$ of $A$ is 

$$ Cost(n, A, Obs) = \max\{Cost(\rho, A, Obs) \mid \rho \in Runs^n(A)\}. $$

The cost of the pair $(Obs, A)$ is 

$$ Cost(A, Obs) = \limsup_{n \to \infty} Cost(n, A, Obs). $$

Notice that $Cost(n, A, Obs)$ is defined for each $n$ because 
we have assumed $A$ generates runs of arbitrarily large length. 

As emphasised previously, in order to compute 
$Cost(n, A, Obs)$ we consider that $\varepsilon$ and $f$ are now 
observable events, say $u$, but that the observer never 
chooses to observe them. Let $Obs^+ = (S, s_0, \Sigma_u, \delta', L)$ 
where $\delta'$ is $\delta$ augmented with $u$-transitions that loop on 
each state $s \in S$. Let $A^+$ be $A$ where $\varepsilon$- and $f$-transitions 
are renamed $u$. Let $A^+ \times Obs^+$ be the synchronized 
product of $A^+$ and $Obs^+$. $A^+ \times Obs^+ = (Z, z_0, \Sigma_u, \Delta)$ 
is complete w.r.t. $\Sigma_u$ and we let $w(q, s) = |L(s)|$ so that 
$(A^+ \times Obs^+, w)$ is a weighted automaton. 

Theorem 5 $Cost(A, Obs) = \nu^*(A^+ \times Obs^+)$. 

Thus we can compute the cost of a given pair $(A, Obs)$: 
this can be done using Karp's maximum mean weight 
cycle algorithm [9] on weighted graphs. This algorithm is 
polynomial in the size of the weighted graph and thus: 

Theorem 6 Computing the cost of $(A, Obs)$ is in P. 

Remark 1 Notice that instead of the values $|L(s)|$ we could 
use any mapping from states of $Obs$ to $\mathbb{Z}$ and consider, for instance, that 
the cost of observing $\{a, b\}$ is less than observing $a$. 
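The cost computation of Sections IV.A and IV.B, in Python, as an added example that is not part of the paper: Karp's maximum mean-weight cycle algorithm run on the weighted product $A^+ \times Obs^+$ of Theorem 5. It reuses the plant constructed from the description of Example 1 and the observer of Figure 2 (same encoding as the Section III example), with the static observer over $\{a, b\}$ for comparison; the state weight is $w(q, s) = |L(s)|$ and cycle means are kept exact with Fractions.

```python
"""Added example (not from the paper): Cost(A, Obs) = nu*(A+ x Obs+) of
Theorem 5, computed with Karp's maximum mean-weight cycle algorithm."""
from fractions import Fraction

EPS, FAULT = "eps", "f"   # the unobservable events epsilon and f

# Plant constructed from the description of Example 1 (faulty branch f.a.b,
# non-faulty branch b.a, eps loops on deadlocks), the observer of Figure 2,
# and the static observer over {a, b}. State names are this example's choice.
PLANT = {
    "q0": [(FAULT, "q1"), ("b", "q4")], "q1": [("a", "q2")],
    "q2": [("b", "q3")], "q3": [(EPS, "q3")],
    "q4": [("a", "q5")], "q5": [(EPS, "q5")],
}
OBS_DYN = (0, {(0, "a"): 1, (1, "b"): 2}, {0: {"a"}, 1: {"b"}, 2: set()})
OBS_STATIC = (0, {(0, "a"): 0, (0, "b"): 0}, {0: {"a", "b"}})


def product_plus(plant, obs, q0="q0"):
    """Reachable part of A+ x Obs+: eps and f become u, on which Obs+ loops;
    on a in Sigma the observer takes delta(s, a), a self-loop when a is not
    in L(s). Returns ({(q, s): (w(q, s), successors)}, initial state) with
    the state weight w(q, s) = |L(s)| of Section IV.B."""
    s0, delta, L = obs
    start = (q0, s0)
    graph, todo = {}, [start]
    while todo:
        q, s = todo.pop()
        if (q, s) in graph:
            continue
        succ = []
        for a, qn in plant[q]:
            if a in (EPS, FAULT) or a not in L[s]:
                succ.append((qn, s))             # u-transition or ignored event
            else:
                succ.append((qn, delta[(s, a)]))
        graph[(q, s)] = (len(L[s]), succ)
        todo.extend(succ)
    return graph, start


def max_mean_cycle(graph, start):
    """Karp's algorithm. D[k][v] is the maximum weight of a walk of exactly k
    edges from start to v, an edge weighing its target state; the maximum
    mean-weight cycle is max_v min_{0<=k<n} (D[n][v] - D[k][v]) / (n - k).
    Every state has a successor (eps loops at deadlocks), so walks of every
    length exist, and every state is reachable from start by construction."""
    nodes = list(graph)
    n = len(nodes)
    D = [{v: None for v in nodes} for _ in range(n + 1)]
    D[0][start] = 0
    for k in range(1, n + 1):
        for v in nodes:
            if D[k - 1][v] is None:
                continue
            for w in graph[v][1]:
                cand = D[k - 1][v] + graph[w][0]
                if D[k][w] is None or cand > D[k][w]:
                    D[k][w] = cand
    best = None
    for v in nodes:
        if D[n][v] is None:
            continue
        m = min(Fraction(D[n][v] - D[k][v], n - k)
                for k in range(n) if D[k][v] is not None)
        if best is None or m > best:
            best = m
    return best


def cost(plant, obs):
    """Theorem 5: Cost(A, Obs) = nu*(A+ x Obs+)."""
    return max_mean_cycle(*product_plus(plant, obs))


if __name__ == "__main__":
    print(cost(PLANT, OBS_DYN), cost(PLANT, OBS_STATIC))   # 1 and 2
```

The cost is 1 for the observer of Figure 2 (after the non-faulty $b.a$ it waits forever for $b$ with a single sensor on; on the faulty branch it ends with no sensor on) and 2 for the static observer, which is the "half as much energy" of Example 1.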

C. Optimal Dynamic Diagnosers 

In this section, we focus on the problem of computing a 
best observer in the sense that diagnosing the DES with it 
has minimal cost. We address the following problem: 

Problem 4 (Bounded Cost Observer) 

Input: $A$, $k \in \mathbb{N}$ and a cost bound $c$. 
Problem: 

(A). Is there an observer $Obs$ s.t. $A$ is $(Obs, k)$-diagnosable 
and $Cost(Obs) \le c$? 

(B). If the answer to (A) is "yes", compute a witness optimal 
observer $Obs$ with $Cost(Obs) \le c$. 

Theorem 4 establishes that there is a most 
permissive observer $\mathcal{F}_A$ in case $A$ is $(\Sigma, k)$-diagnosable and 
it can be computed in exponential time in the size of $A$ and 
$k$, doubly exponential time in $|\Sigma|$, and has size exponential 
in $A$ and $k$, and doubly exponential in $|\Sigma|$. Moreover the 
most permissive observer $\mathcal{F}_A$ can be represented by a finite 
state machine $S_{\mathcal{F}_A} = (\{0, 2, \cdots, 2l\} \cup (\{1, 3, \cdots, 2l + 1\} \times 
2^\Sigma), 0, \Sigma \cup 2^\Sigma, \delta)$ which has the following properties: 

• even states are states where the observer chooses a set 
of events to observe; 

• odd states $(2i + 1, X)$ are states where the observer 
waits for an observable event in $X$ to occur; 

• if $\delta(2i, X) = (2i' + 1, X)$ with $X \in 2^\Sigma$, it means that 
from an even state $2i$, the automaton $S_{\mathcal{F}_A}$ can select a 
set $X$ of events to observe. The successor state is an odd 
state together with the set $X$ of events that are being 
observed; 

• if $\delta((2i + 1, X), a) = 2i'$ with $a \in X$, it means that from 
$(2i + 1, X)$, $S_{\mathcal{F}_A}$ is waiting for an observable event to 
occur. When some occurs it switches to an even state. 

By definition of $\mathcal{F}_A$, any observer $O$ s.t. $A$ is $(O, k)$- 
diagnosable must select a set of observable events in 
$\mathcal{F}_A(tr(w))$ after having observed $w \in \pi_{/\Sigma}(\mathcal{L}(A))$. 

To compute an optimal observer, we use a result by Zwick 
and Paterson [10] on weighted graph games. 

Definition 7 (Weighted Graph) A weighted directed graph 
is a pair $(G, w)$ s.t. $G = (V, E)$ is a directed graph and 
$w : E \to \{-W, \dots, 0, \dots, W\}$ assigns an integral weight 
to each edge of $G$, with $W \in \mathbb{N}$. We assume that each vertex 
$v \in V$ is reachable from a unique source vertex $v_0$ and has 
at least one outgoing transition. ■ 

Definition 8 (Weighted Graph Game) A weighted graph 
game $G = (V, E)$ is a bipartite weighted graph with $V = V_1 \cup V_2$ 
and $E = E_1 \cup E_2$, $E_1 \subseteq V_1 \times V_2$ and $E_2 \subseteq V_2 \times V_1$. 
We assume the initial vertex $v_0$ of $G$ belongs to $V_1$. ■ 

Vertices in $V_i$ are Player $i$'s vertices. A weighted graph game 
is a turn-based game in which the turn alternates between 
Player 1 and Player 2. The game starts at a vertex $v_0 \in V_1$. 
Player 1 chooses an edge $e_1 = (v_0, v_1)$, then Player 2 
chooses an edge $e_2 = (v_1, v_2)$, and so on; together they build 
an infinite sequence of edges. Player 1 wants to maximise 
$\liminf_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i)$ and Player 2 wants to minimise 
$\limsup_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i)$. 

One of the results of [10] is that there is a rational value 
$v \in \mathbb{Q}$ s.t. Player 1 has a strategy to ensure 
$\liminf_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i) \ge v$ and Player 2 has a strategy to ensure that 
$\limsup_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i) \le v$; $v$ is called the value of 
the game. 

In summary, the results by Zwick and Paterson [10] we 
are going to use are: 

• there is a value $v \in \mathbb{Q}$, called the value of the 
game, s.t. Player 1 has a strategy to ensure that 
$\liminf_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i) \ge v$ and Player 2 has a 
strategy to ensure that $\limsup_{n \to \infty} \frac{1}{n} \sum_{i=1}^{n} w(e_i) \le v$; 
this value can be computed in $O(|V|^3 \times |E| \times W)$ where 
$W$ is the range of the weight function (assuming the 
weights are in the interval $[-W..W]$). Note that deciding 
whether this value satisfies $v \bowtie c$ for $\bowtie \in \{=, <, >\}$ and 
$c \in \mathbb{Q}$ can be done in $O(|V|^2 \times |E| \times W)$; 

• there are optimal memoryless strategies for both players, 
and they can be computed in $O(|V|^4 \times |E| \times \log(|E|/|V|) \times W)$. 

To solve Problem 4, we use the most permissive observer 
$\mathcal{F}_A$ computed in section III-D. Given $A$ and $\mathcal{F}_A$, we build 
a weighted graph game $G(A, \mathcal{F}_A)$ s.t. the value of the game 
is the optimal cost over the set of all observers. Moreover 
an optimal observer can be obtained by taking an optimal 
memoryless strategy in $G(A, \mathcal{F}_A)$. 
To build $G(A, \mathcal{F}_A)$ we use the same idea as in section IV-B: 
we replace $\varepsilon$ and $f$ transitions in $A$ by $u$, obtaining 
$A^+$. We also modify $\mathcal{F}_A$ to obtain a weighted graph game 
$(\mathcal{F}_A^+, w)$ by adding transitions so that each odd state $(2k+1, X)$ is 
complete w.r.t. $\Sigma_u$. This is done as follows: 

• from each $(2i+1, X)$ state, create a new even state, 
i.e., pick some $2i'$ that has not already been used. Add 
transitions $((2i+1, X), a, 2i')$ for each $a \in \Sigma_u \setminus \mathrm{en}(2i+1, X)$. 
Add also a transition $(2i', X, (2i+1, X))$. This 
step means that if $A$ produces an event that is not 
observable, $\mathcal{F}_A^+$ just reads the event and makes the same 
choice again; 

• the weight of a transition $(2i, X, (2i'+1, X))$ is $|X|$. 

The game $G(A, \mathcal{F}_A)$ is then $A^+ \times \mathcal{F}_A^+$. From it we 
obtain a weighted graph game $WG(A, \mathcal{F}_A)$ by abstracting 
away the labels of the transitions. Notice that this still enables 
us to convert any strategy in $WG(A, \mathcal{F}_A)$ into a strategy in 
$\mathcal{F}_A$: a strategy in $WG(A, \mathcal{F}_A)$ defines an edge $(2i, (2i'+1, X))$ 
to take, and as the target vertex contains the set of events 
we chose to observe, we can define a corresponding strategy 
in $\mathcal{F}_A$. 

By construction of $G(A, \mathcal{F}_A)$ and the definition of the 
value of a weighted graph game, the value of the game is 
the optimal cost over the set of all observers $O$ s.t. $A$ is $(O, k)$-
diagnosable. 
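The following Python, added here and not taken from the paper, shows the value computation of Zwick and Paterson [10] on a constructed weighted graph game laid out like $WG(A, \mathcal{F}_A)$: even vertices are observer choices weighted by $|X|$ (including the completion states that re-select $X$ after an unobservable event), odd vertices are plant moves of weight 0. It iterates the $k$-step total-payoff values $\nu_k$ for $k = 4|V|^3 W$ and rounds $\nu_k(v_0)/k$ to the unique rational with denominator at most $|V|$, which is the value of the game. The game itself, the sets allowed at each even vertex, and the assignment of the minimising role to the observer are this example's own assumptions.

```python
from fractions import Fraction

MIN, MAX = "min", "max"   # MIN = observer (pays |X|), MAX = plant (pays 0)

# Constructed weighted graph game in the shape of WG(A, F_A): even vertices e*
# are observer choices, odd vertices o* are plant moves. The sets allowed at
# each even vertex are an assumption of this toy, not derived from a plant.
GAME = {                                   # vertex -> (owner, [(successor, weight)])
    "e0":  (MIN, [("o1", 1)]),             # only {a} is allowed: cost 1
    "o1":  (MAX, [("e2", 0), ("e6", 0)]),  # plant plays a (-> e2) or u (-> e6)
    "e6":  (MIN, [("o1", 1)]),             # completion state: re-select {a}
    "e2":  (MIN, [("o3", 2), ("o5", 1)]),  # {a,b} costs 2, {b} costs 1
    "o3":  (MAX, [("e0", 0)]),             # a or b observed, back to e0
    "o5":  (MAX, [("e4", 0), ("e10", 0)]), # plant plays b (-> e4) or u (-> e10)
    "e10": (MIN, [("o5", 1)]),             # completion state: re-select {b}
    "e4":  (MIN, [("o3", 2)]),             # only {a,b} is allowed: cost 2
}

def mean_payoff_value(game, v0):
    """Value of the mean-payoff game at v0 (Zwick and Paterson).
    nu_k(v) is the value of the k-step total-payoff game from v:
      nu_0(v) = 0,  nu_k(v) = max/min over edges (v,u) of w(v,u) + nu_{k-1}(u).
    For k = 4 n^3 W, |nu_k(v)/k - value(v)| <= 2nW/k = 1/(2 n^2), and value(v)
    is a cycle mean, hence a rational with denominator <= n; it is the unique
    such rational in that window, and limit_denominator recovers it exactly."""
    for v, (_, succ) in game.items():
        assert succ, f"vertex {v} has no outgoing edge (Definition 7)"
    n = len(game)
    W = max(1, max(abs(w) for _, succ in game.values() for _, w in succ))
    k = 4 * n ** 3 * W
    nu = {v: 0 for v in game}              # nu_0
    for _ in range(k):
        nu = {v: (max if owner == MAX else min)(w + nu[u] for u, w in succ)
              for v, (owner, succ) in game.items()}
    return Fraction(nu[v0], k).limit_denominator(n)

def toy_value():
    """Value of the constructed game from its initial even vertex e0."""
    return mean_payoff_value(GAME, "e0")

def bounded_cost_observer(c):
    """Problem 4 (A) on the toy: is there an observer with game value <= c?"""
    return toy_value() <= c

if __name__ == "__main__":
    print(toy_value(), bounded_cost_observer(1))   # 2/3 True
```

On this toy the plant avoids the cheap $u$-loops (mean $1/2$) and forces the observer round the six-edge cycle $e_0\, o_1\, e_2\, o_5\, e_4\, o_3$ of mean $2/3$; choosing $\{a, b\}$ at $e_2$ instead would yield the four-edge cycle of mean $3/4$. Because an observer edge and a plant edge alternate in this encoding, the per-edge mean is half the per-event average of section IV-B, and the threshold passed to `bounded_cost_observer` is on the game value. With $|V| = 8$ and $W = 2$ the loop runs $4096$ rounds, which is the $O(|V|^3 \times W)$ iteration count behind the $O(|V|^3 \times |E| \times W)$ bound quoted above.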

Assume $A$ has $n$ states and $m$ transitions. From Theorem 4 
we know that $\mathcal{F}_A$ has at most $O(2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}})$ states 
and $O(2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}} \times n^2 \times k \times m)$ transitions. Hence 
$G(A, \mathcal{F}_A)$ has at most $O(n \times 2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}})$ vertices and 
$O(m \times 2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}})$ edges. To make the game complete 
we add at most half as many states again, and hence 
$WG(A, \mathcal{F}_A)$ has the same size. We thus obtain the following 
result: 

Theorem 7 Problem 4 can be solved in time $O(|\Sigma| \times m \times 2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}})$. 

We can even solve the optimal cost computation problem: 

Problem 5 (Optimal Cost Observer) 

Input: $A$, $k \in \mathbb{N}$. 

Problem: Compute the least value $m$ s.t. there exists an 
observer $\mathit{Obs}$ s.t. $A$ is $(\mathit{Obs}, k)$-diagnosable and $\mathrm{Cost}(\mathit{Obs}) \le m$. 

Theorem 8 Problem 5 can be solved in time $O(|\Sigma| \times m \times 2^{n^2} \times 2^k \times 2^{2^{|\Sigma|}})$. 

A consequence of Theorem 8 and Zwick and Paterson's 
results is that the cost of the optimal observer is a rational 
number. 

V. Conclusions 

In this paper we have addressed sensor minimization 
problems in the context of fault diagnosis, using dynamic 
observers. We proved that, for an observer given by a finite 
automaton, diagnosability can be checked in polynomial time 
(as in the case of static observers). We also solved a synthesis 
problem for dynamic observers and showed that a most 
permissive dynamic observer can be computed in doubly 
exponential time, provided an upper bound on the delay 
needed to detect a fault is given. Finally we have defined 
a notion of cost for dynamic observers and shown how to 
compute a minimal-cost observer that can be used to detect 
faults within a given delay. 

There are several directions we are currently investigating. 

Problem 2 has not been solved so far. The major impediment 
to solving it is that the reduction we propose in section III 
yields a Büchi game in this case. More generally we plan to 
extend the framework we have introduced for fault diagnosis 
to control under dynamic partial observation, and this will 
enable us to solve Problem 2. 

Problem 3 is solved in doubly exponential time. Nevertheless, 
to reduce the number of states of the most permissive 
observer, we point out that only minimal sets of events 
need to be observed. Indeed, if we can diagnose a system 
by observing only $X$ from some point on, we surely can 
diagnose it using any superset $X' \supseteq X$. So far we keep 
all the sets that can be used to diagnose the system. We 
could possibly take advantage of this property using 
techniques described in [11]. 